An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.
registry.redhat.io/cert-manager/jetstack-cert Rocky
Fixed in: manager-rhel9@sha256:1f62aebd5bbdd5809116b4575adfec3d51c24e48ce188aaf3b06dd26826bc737_s390x RHSA-2026:0990 Fixed in: manager-rhel9@sha256:3ca7fb070c05efc25fe53af6fc922875ecb9d11943d3c243b2840d7ca2b1aa33_amd64 RHSA-2026:0990 Fixed in: manager-rhel9@sha256:5c7fc6f10f7d9f5299ca42feadd98da0ce9d53835e89f8690a74ccd62e20dde5_ppc64le RHSA-2026:0990 Fixed in: manager-rhel9@sha256:28b8e7c5383ce99ef0589242494e9cbb30d0ef94ee16a54c191ab0b434128923_arm64 RHSA-2026:0990 Fixed in: manager-rhel9@sha256:c8c319818479dfb5856d50ccebe1c6aaad008aff2b1ac5c317763a697884b2c2_amd64 RHSA-2026:1042 Fixed in: manager-rhel9@sha256:bf234df32160c906c15cc437b66a7b35a913a400f921f2cd2e44c83a02d9c7b0_s390x RHSA-2026:1042 Fixed in: manager-rhel9@sha256:77f4d70980abe59f1e69bf38bfeeeed0b84b27fe9ae3286666d01a0c8aa6b067_ppc64le RHSA-2026:1042 Fixed in: manager-rhel9@sha256:9f89f2a9de21e45f472d533a7b627c7f27fdf726efef24ff972cebfd30815cbf_arm64 RHSA-2026:1042 Fixed in: manager-rhel9@sha256:09c857f0c20721d6b447f5f567182befc1ca6157128225849117a5c830feab23_amd64 RHSA-2026:1168 Fixed in: manager-rhel9@sha256:63f4e63f3249b6271041d31fcfbf69c3ad699d319302e8fdb2bff5e1b1418707_s390x RHSA-2026:1168 Fixed in: manager-rhel9@sha256:f27e4637dc8b67703abb24f246ee6d59ee3b3637ce5c47ab63b7935553f419e2_ppc64le RHSA-2026:1168 Fixed in: manager-rhel9@sha256:f1b903ff69100fa938d6bdf4d730d35158eec905351344a246e30ef14c847222_arm64 RHSA-2026:1168 registry.redhat.io/cert-manager/jetstack-cert Red Hat / RHEL
Fixed in: manager-rhel9@sha256:3ca7fb070c05efc25fe53af6fc922875ecb9d11943d3c243b2840d7ca2b1aa33_amd64 RHSA-2026:0990 Fixed in: manager-rhel9@sha256:1f62aebd5bbdd5809116b4575adfec3d51c24e48ce188aaf3b06dd26826bc737_s390x RHSA-2026:0990 Fixed in: manager-rhel9@sha256:5c7fc6f10f7d9f5299ca42feadd98da0ce9d53835e89f8690a74ccd62e20dde5_ppc64le RHSA-2026:0990 Fixed in: manager-rhel9@sha256:28b8e7c5383ce99ef0589242494e9cbb30d0ef94ee16a54c191ab0b434128923_arm64 RHSA-2026:0990 Fixed in: manager-rhel9@sha256:c8c319818479dfb5856d50ccebe1c6aaad008aff2b1ac5c317763a697884b2c2_amd64 RHSA-2026:1042 Fixed in: manager-rhel9@sha256:bf234df32160c906c15cc437b66a7b35a913a400f921f2cd2e44c83a02d9c7b0_s390x RHSA-2026:1042 Fixed in: manager-rhel9@sha256:77f4d70980abe59f1e69bf38bfeeeed0b84b27fe9ae3286666d01a0c8aa6b067_ppc64le RHSA-2026:1042 Fixed in: manager-rhel9@sha256:9f89f2a9de21e45f472d533a7b627c7f27fdf726efef24ff972cebfd30815cbf_arm64 RHSA-2026:1042 Fixed in: manager-rhel9@sha256:09c857f0c20721d6b447f5f567182befc1ca6157128225849117a5c830feab23_amd64 RHSA-2026:1168 Fixed in: manager-rhel9@sha256:63f4e63f3249b6271041d31fcfbf69c3ad699d319302e8fdb2bff5e1b1418707_s390x RHSA-2026:1168 Fixed in: manager-rhel9@sha256:f27e4637dc8b67703abb24f246ee6d59ee3b3637ce5c47ab63b7935553f419e2_ppc64le RHSA-2026:1168 Fixed in: manager-rhel9@sha256:f1b903ff69100fa938d6bdf4d730d35158eec905351344a246e30ef14c847222_arm64 RHSA-2026:1168 registry.redhat.io/cert-manager/jetstack-cert-manager Red Hat / RHEL
Fixed in: acmesolver-rhel9@sha256:7906836c624e2aea656d2c64bd3fee260b69c9f6a0ab46e5d228154f5d6241c4_ppc64le RHSA-2026:1042 Fixed in: acmesolver-rhel9@sha256:749ce9e6e1216fc8e8e29c01ff14b11a1290de1bec9bd4d692f5cbace03f8e95_arm64 RHSA-2026:1042 Fixed in: acmesolver-rhel9@sha256:daa6b60824e45c6f31efd64b86995e23279fe310dde2f0293c762354f74d969f_ppc64le RHSA-2026:1168 Fixed in: acmesolver-rhel9@sha256:2f2e78fd6d5a22d977e80100425da58d77a5286d4d017c38e27d7900d52fdb28_s390x RHSA-2026:1042 Fixed in: acmesolver-rhel9@sha256:3bfbc3e69db31103145500f38f7a1db8e7f0462608e5a425674942606aa03ece_s390x RHSA-2026:1168 Fixed in: acmesolver-rhel9@sha256:399c99087dd8b4b6f790dddaa6cd284a1aa459eb641c5b788e1b926e9d0f6a7e_amd64 RHSA-2026:0990 Fixed in: acmesolver-rhel9@sha256:41f1f7807a760ba804e71971810977dc63010a17ccd74b607aaf01fb28386cbc_s390x RHSA-2026:0990 Fixed in: acmesolver-rhel9@sha256:3258027c0fb9426c9ee3567f6dc0d02b85cb661c23300b230f5b1400b43bac25_arm64 RHSA-2026:1168 Fixed in: acmesolver-rhel9@sha256:0a08f25c01d26cf0833fb5fd2e2b77e11b7ee92016c6e039594180262496212f_ppc64le RHSA-2026:0990 Fixed in: acmesolver-rhel9@sha256:cbfb1c86b988a242eb25774b3f1f32d1f29795335c6e4e49f6b3b0065c5af459_arm64 RHSA-2026:0990 Fixed in: acmesolver-rhel9@sha256:155383c4664ea3ed18d0f079be720ad68a5de044448a744d7579af7ff0fc7e0a_amd64 RHSA-2026:1168 Fixed in: acmesolver-rhel9@sha256:08b6b8c954c1a7ceb5a446eb1bc3e28c434cc576b77cd369c85ea79775dfb1cc_amd64 RHSA-2026:1042 registry.redhat.io/cert-manager/jetstack-cert-manager Rocky
Fixed in: acmesolver-rhel9@sha256:08b6b8c954c1a7ceb5a446eb1bc3e28c434cc576b77cd369c85ea79775dfb1cc_amd64 RHSA-2026:1042 Fixed in: acmesolver-rhel9@sha256:3bfbc3e69db31103145500f38f7a1db8e7f0462608e5a425674942606aa03ece_s390x RHSA-2026:1168 Fixed in: acmesolver-rhel9@sha256:3258027c0fb9426c9ee3567f6dc0d02b85cb661c23300b230f5b1400b43bac25_arm64 RHSA-2026:1168 Fixed in: acmesolver-rhel9@sha256:2f2e78fd6d5a22d977e80100425da58d77a5286d4d017c38e27d7900d52fdb28_s390x RHSA-2026:1042 Fixed in: acmesolver-rhel9@sha256:7906836c624e2aea656d2c64bd3fee260b69c9f6a0ab46e5d228154f5d6241c4_ppc64le RHSA-2026:1042 Fixed in: acmesolver-rhel9@sha256:daa6b60824e45c6f31efd64b86995e23279fe310dde2f0293c762354f74d969f_ppc64le RHSA-2026:1168 Fixed in: acmesolver-rhel9@sha256:399c99087dd8b4b6f790dddaa6cd284a1aa459eb641c5b788e1b926e9d0f6a7e_amd64 RHSA-2026:0990 Fixed in: acmesolver-rhel9@sha256:41f1f7807a760ba804e71971810977dc63010a17ccd74b607aaf01fb28386cbc_s390x RHSA-2026:0990 Fixed in: acmesolver-rhel9@sha256:749ce9e6e1216fc8e8e29c01ff14b11a1290de1bec9bd4d692f5cbace03f8e95_arm64 RHSA-2026:1042 Fixed in: acmesolver-rhel9@sha256:0a08f25c01d26cf0833fb5fd2e2b77e11b7ee92016c6e039594180262496212f_ppc64le RHSA-2026:0990 Fixed in: acmesolver-rhel9@sha256:155383c4664ea3ed18d0f079be720ad68a5de044448a744d7579af7ff0fc7e0a_amd64 RHSA-2026:1168 Fixed in: acmesolver-rhel9@sha256:cbfb1c86b988a242eb25774b3f1f32d1f29795335c6e4e49f6b3b0065c5af459_arm64 RHSA-2026:0990 Go Programming Language Windows application
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
Exploitability
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Impact
Confidentiality Low
Integrity Low
Availability None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
0.27% probability of exploitation in 30 days
19th percentile
Low risk: more likely to be exploited than 19% of all known CVEs.
Other CWE-295 (Improper Certificate Validation) vulnerabilities, ordered by exploit likelihood. View all
Embed a live status badge for CVE-2025-61727 Markdown
[](https://tridentstack.com/cve/CVE-2025-61727)HTML
<a href="https://tridentstack.com/cve/CVE-2025-61727"><img src="https://tridentstack.com/cve/badge/CVE-2025-61727.svg" alt="CVE-2025-61727"></a>Find and fix vulnerabilities across your fleet TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start free This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-12-18.